Restrict vtpm access to neede directories only

Restrict vtpm access to needed directories only, it doesn't need access to all of the /persist and /run, just /persist/swtpm and /run/swtpm. Signed-off-by: Shahriyar Jalayeri <[email protected]>
lf-edge · Sep 3, 2024 · 58830f0 · 58830f0
1 parent 9f55aac
commit 58830f0
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/pkg/vtpm/build.yml b/pkg/vtpm/build.yml
@@ -10,8 +10,8 @@ config:
   additionalGids: [100]
   binds:
     - /dev:/dev
-    - /run:/run
-    - /persist:/persist
+    - /run/swtpm:/run/swtpm
+    - /persist/swtpm:/persist/swtpm
   devices:
     - path: all
       type: a